Identifying active machines
Before attempting a pentest, we first need to identify the active machines that are on the target network range.
The simplest approach is to ping the target network. Of course, a host can drop such probes or log them, and as testers we want to avoid that.
How to do it...
Let's begin the process of locating active machines by opening a terminal window:
Using Nmap, we can find out whether a host is up, as shown below (-sP is the older spelling of the ping-scan option, -sn, in current Nmap releases):
nmap -sP 216.27.130.162

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-04-27 23:30 CDT
Nmap scan report for test-target.net (216.27.130.162)
Host is up (0.00058s latency).
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
We can also use Nping, from the Nmap suite, which gives us a more detailed view of each probe and its response; here it runs in echo mode against the public echo server with the passphrase "public":
nping --echo-client "public" echo.nmap.org
We can also send a custom hex payload to a specified TCP port (Nping's long options take two dashes):

nping --tcp -p 445 --data AF56A43D 216.27.130.162
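The caveat above, that a host can notice these probes, looks like this from the other side. As an added example that is not part of the original recipe, the Python below flags the sweep pattern a gateway would log when Nmap's default host discovery (ICMP echo, TCP SYN to 443, TCP ACK to 80) walks a range; the netfilter log lines, source addresses, 30-second window and 4-host threshold are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed netfilter LOG lines (syslog prefix plus SRC/DST/PROTO fields);
# sample input for this example, not output taken from the recipe.
SAMPLE_LOG = """\
Apr 27 23:30:01 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.12 PROTO=ICMP TYPE=8 CODE=0
Apr 27 23:30:01 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.13 PROTO=ICMP TYPE=8 CODE=0
Apr 27 23:30:02 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.14 PROTO=TCP SPT=40000 DPT=443 SYN
Apr 27 23:30:02 gw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.0.15 PROTO=TCP SPT=40000 DPT=80 ACK
Apr 27 23:30:40 gw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.12 PROTO=ICMP TYPE=8 CODE=0
Apr 27 23:30:41 gw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=10.0.0.12 PROTO=ICMP TYPE=0 CODE=0
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?"
                     r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\w+)(?P<rest>.*)$")

def parse_probe(line):
    """(time, src, dst) for an ICMP echo request or TCP SYN/ACK probe, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    proto, rest = m.group("proto"), m.group("rest")
    # Nmap's default host discovery sends ICMP echo, TCP SYN to 443 and TCP ACK to 80;
    # echo replies (TYPE=0) and other traffic are ignored.
    is_probe = ((proto == "ICMP" and "TYPE=8" in rest)
                or (proto == "TCP" and ("SYN" in rest or "ACK" in rest)))
    if not is_probe:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # syslog omits the year
    return ts, m.group("src"), m.group("dst")

def find_sweeps(log_text, window_s=30, min_hosts=4):
    """Sources that probed >= min_hosts distinct hosts within window_s seconds."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        probe = parse_probe(line)
        if probe:
            by_src[probe[1]].append((probe[0], probe[2]))  # (time, dst) per source
    sweeps = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            hosts = {d for t, d in events[i:] if (t - t0).total_seconds() <= window_s}
            if len(hosts) >= min_hosts:
                sweeps[src] = hosts  # distinct destinations probed in one window
                break
    return sweeps
```

A single host pinging one neighbour (10.0.0.9 above) stays below the threshold, while the source touching several addresses in a couple of seconds is reported with the set of hosts it probed.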